Simple server you can run on Port 443 that displays incoming client certs
package main | |
import ( | |
"crypto/tls" | |
"crypto/x509" | |
"fmt" | |
"github.com/grantae/certinfo" | |
"io/ioutil" | |
"log" | |
"net/http" | |
) | |
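// HelloServer answers every request with a short plain-text greeting and, when
// the request arrived over TLS, prints a text rendering of each certificate in
// req.TLS.PeerCertificates to the server's standard output.
//
// The certificate text goes to the server console only; it is not written into
// the HTTP response.
func HelloServer(w http.ResponseWriter, req *http.Request) {
	w.Header().Set("Content-Type", "text/plain")
	if _, err := w.Write([]byte("This is an example server.\n")); err != nil {
		log.Printf("writing response: %v", err)
	}

	if req.TLS == nil {
		return
	}
	for _, crt := range req.TLS.PeerCertificates {
		result, err := certinfo.CertificateText(crt)
		if err != nil {
			// Log and move on: calling log.Fatal inside a handler would let a
			// single request whose certificate cannot be rendered terminate
			// the whole server process.
			log.Printf("rendering client certificate: %v", err)
			continue
		}
		fmt.Print(result)
	}
}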
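// main starts an HTTPS server on :4443 that requires every client to present a
// certificate verified against the CAs loaded from cacert.pem, and routes all
// paths to HelloServer.
func main() {
	log.SetFlags(log.Lshortfile)

	caChain, err := ioutil.ReadFile("cacert.pem")
	if err != nil {
		// Printf-style formatting is required for the %v verb; log.Println
		// would print the directive literally.
		log.Fatalf("Can't read cachain file: %v", err)
	}

	pool := x509.NewCertPool()
	// AppendCertsFromPEM reports false when no certificate could be parsed.
	// An empty pool leaves no CA to verify clients against, so stop at startup
	// with a clear message instead of serving with a misconfigured trust store.
	if !pool.AppendCertsFromPEM(caChain) {
		log.Fatal("no CA certificates could be parsed from cacert.pem")
	}

	tlsConfig := tls.Config{
		// Reject the handshake unless the client presents a certificate that
		// verifies against ClientCAs.
		ClientAuth: tls.RequireAndVerifyClientCert,
		ClientCAs:  pool,
		// Pin the protocol floor explicitly rather than relying on the
		// toolchain's default for servers.
		MinVersion: tls.VersionTLS12,
	}

	// NOTE(review): no read/write timeouts are set on this server; add them
	// before exposing it beyond a test setup.
	server := &http.Server{
		Addr:      ":4443",
		TLSConfig: &tlsConfig,
	}

	// server.Handler is left nil, so requests are served by the default mux
	// that HandleFunc registers on.
	http.HandleFunc("/", HelloServer)

	err = server.ListenAndServeTLS("../my-smtp-proxy/fullchain.pem", "../my-smtp-proxy/privkey.pem")
	if err != nil {
		log.Fatal("ListenAndServe: ", err)
	}
}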